Fedora 20, Meteor 0.7.0 and hacked Linux servers examined – Snippets

Fedora 20 arrives: The latest Fedora has arrived, making it into 2013 and looking pretty good. There’s oodles of changes too. Desktop users will find GNOME 3.10 is the default desktop but there’s also Cinnamon 2.0 and Enlightment available, along with the latest KDE 4.11, MATE and others. Under the hood, system administrators will find syslog gone, replaced by journald, and experimental SSD caches, while developers are getting a GUI on Fedora’s DevAssistant, updated Perl, boost, glibc and Ruby 2 with Rails 4. The full release notes will guide you around. We’ve been tracking 20 since alpha, running it on machines here and its been working well – the one thing we haven’t checked out is Fedora 20 on ARM given ARM is now a primary architecture for the distribution. Download Fedora 20 in all its forms from the project’s download page.

Meteor gets update smarts: The latest release of the https://www.meteor.com/ platform for web applications has moved to a smarter way of working out database changes. Meteor 0.7 changes how changes in the database are discovered, away from polling the db and creating a diff and to a technique called oplog tailing – consuming the underlying MongoDB operations log and using it to reduce the queries that have to go to the database. There are caveats, most notably, in production you’ll need a MongoDB server configured as a replica. More details on this and other changes in 0.7.0 are in the release notes.

Hacking Linux Servers: Ars Technica has an article on how a security researcher documented the exploitation of a Linux server with PHP holes and a perlbot. It’s a reminder that attack tools for taking on Linux servers are no longer obscure or complex things and even a script kiddie can do real damage. Old holes do persist in the wild and every old, fixed hole is ready for exploiting. Now, more than ever, keeping your servers up to date with security fixes is essential.